Comment 8 for bug 1825819

Peter De Sousa (pjds) wrote :

Having looked into this in more detail, the problem seems to be caused by the other version of easy rsa calling set_client_cert[1].

This then updates a dictionary `to_publish_raw` which is picked up by get_client_cert (deprecated) [2].

This is fine, but recent versions of layer-tls-client use a client_cert_maps to provide certificates on a per host basis. This method does not pick up `to_publish_raw`[3, 4].

I am proposing a fix where layer-tls-client checks for per-server certs, and falls back to global certs after failing to find per server certs.

[1] But the old method updates to_publish_raw:
    https://github.com/charmed-kubernetes/interface-tls-certificates/blob/2fc3f1ee969bad4431b18428993776e82e122309/provides.py#L80
[2] https://github.com/charmed-kubernetes/interface-tls-certificates/blame/2fc3f1ee969bad4431b18428993776e82e122309/requires.py#L164
[3] https://github.com/charmed-kubernetes/interface-tls-certificates/blame/2fc3f1ee969bad4431b18428993776e82e122309/requires.py#L244
[4] https://github.com/charmed-kubernetes/interface-tls-certificates/blame/2fc3f1ee969bad4431b18428993776e82e122309/requires.py#L89